Releases: vmware-tanzu/cloud-native-security-inspector
0.4.0
What's new
- Another component, “cnsi-scanner-trivy”, is added to scan images. This new component makes it possible to scan for misconfigurations, licenses, and CVEs in images without Harbor.
- A Redis DB is introduced in this version to store the scanning results of this new scanner.
- For the image scanner, the portal can now read the report from OpenSearch, which contains the new kind of report, and show information about the configuration files in images.
- Updated the deploy scripts to install all the new components.
Bug fixes
- Fix some security problems.
- Fix and improve some UI issues.
0.3.2
What's new
- Governor integration for VAC (VMware Application Catalog) product information.
- Add product information in the assessment report.
- Project layout update
Bug fixes
- Fix Narrows not parsing repository names correctly when the repository name has multiple "/".
- Fix and add several documents needed in the project.
- Fix build manager version using cnsi-manager/config/manager/kustomization.yaml change.
0.3.1
What's new
- Project layout update
- VAC (VMware Application Catalog) governor update.
Bug fixes
- Fix the server-side request forgery (SSRF) finding from security code scanning.
- Fix Makefile commands.
0.3.0
What's new
- Another component, Exporter, is added, which helps to decouple the scanners and the consumers. This new component makes it much easier to extend the Scanners and the exporters. #161
- The Kubebench scanner is changed into a DaemonSet, and scanning is now triggered by Events: when a K8s configuration file is modified, scanning is triggered immediately. This helps to avoid unnecessary scanning and fills the time gap of CronJobs. #158
- A Helm chart for Narrows is added so users do not need to download the source code when deploying Narrows. #54
- For the image scanner, Portal now reads the report from OpenSearch instead of the CR in the K8s cluster. Also, we removed the CRD, AssessmentReport, which means the image report will not be stored in etcd anymore. #99
- An e2e test framework is added, along with many test cases. #52
Bug fixes
- Some code refactoring has been done to make the code well structured.
- Fixed a security issue introduced by beego v1. #181
- Fixed a security issue introduced by golang.org/x/net 0.2.0 to #167
To use this release of Cloud Native Security Inspector, download the source code in the attachment, then follow the README to install the project on a K8s cluster.
0.2.1
This is an experimental release for the integration of the VAC (VMware Application Catalog) governor. For community users who want to use this version, we recommend using 0.2.0.
This release includes the following features:
- Supports VAC governor APIs (HTTPS calls) to send the cluster's workload information.
- Supports CSP authentication mechanism (API_TOKEN).
0.2.0
This release includes the following features:
- Policy-based security management, including defining scanners to use, scanning frequency and the workloads to be scanned, etc.
- Dynamically scanning for CVE issues in the workloads.
- Check the vulnerabilities in the K8s cluster configurations.
- Quarantine workloads with serious CVE issues.
- Scan for potential network exposure risk and low-privilege risk.
- Provide UI for reviewing, filtering and analyzing the assessment reports.
- Support sending the historical reports to OpenSearch or ElasticSearch.
To use this release of Cloud Native Security Inspector, download the source code in the attachment, then follow the README to install the project on a K8s cluster.
0.1.0
Feature/guide (#77)
- add risk guide info
- add risk guide info